Vulnerability Description
Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cryptographic operations, via a long key name.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | 4.3 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/127185/Android-KeyStore-Stack-Buffer-Overfl
- http://securityintelligence.com/android-keystore-stack-buffer-overflow-to-keep-tExploit
- http://www.securityfocus.com/archive/1/532527/100/0/threaded
- http://www.securityfocus.com/bid/68152
- http://www.slideshare.net/ibmsecurity/android-keystorestackbufferoverflowExploit
- http://packetstormsecurity.com/files/127185/Android-KeyStore-Stack-Buffer-Overfl
- http://securityintelligence.com/android-keystore-stack-buffer-overflow-to-keep-tExploit
- http://www.securityfocus.com/archive/1/532527/100/0/threaded
- http://www.securityfocus.com/bid/68152
- http://www.slideshare.net/ibmsecurity/android-keystorestackbufferoverflowExploit
FAQ
What is CVE-2014-3100?
CVE-2014-3100 is a vulnerability with a CVSS score of 5.1 (MEDIUM). Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key ...
How severe is CVE-2014-3100?
CVE-2014-3100 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3100?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android.